Agnos is a standalone card processing (EMV Level 2) package. That means it can work without the other SDKs from the Amadis One solution. Though, because of security requirements, a few things need to be taken care of.
Agnos usually leverages the Secure Client SDK to protect and export in an encrypted format the sensitive card data (SRED module). In particular, it leverages the libkm_l2.so library which contains the KML2 functions. (KML2: Key Management Level 2), the SRED compilation option must be activated.
If you are not using the Secure Client SDK package, you will need to provide your own implementation of the libkm_l2.so library which will at least contain the following functions:
/**
* ----------------------------------------------------------------------------
* @brief KML2Create: Create L2 KMS client session
* @detail Create a key management client session context and returns a handle
* to the session.
* @param[in] xpJniEnv JNI environmennt
* @param[in] xContext application context
* @param[out] xpSession session handle.
* @retval Error code (0 for no error)
* ----------------------------------------------------------------------------
*/
SDKError_t KML2Create(JNIEnv* xpJniEnv,
jobject xContext,
KML2Session_t* const xpSession);
/**
* ----------------------------------------------------------------------------
* @brief KML2Release: Release a KMS client session
* @detail Release an existing key management client session. Note that the
* session handle will becode invalid after this call and any
* attempt to use it will result in a memory corruption.
* @param[in] xSession Session handle.
* @retval Error code (0 for no error)
* ----------------------------------------------------------------------------
*/
SDKError_t KML2Release(const KML2Session_t xSession);
/**
* ----------------------------------------------------------------------------
* @brief KML2ExportCardData: Export card data
* @detail Generate a session key and encrypt the card data.
*
* - xpPlainDataSz must be a multiple of 16 (AES cipher block size). The caller
* is responsible for the plaintext padding.
*
* - *xppEncData is allocated by the function (if call is successful)
* and must be freed by the caller after use, using the free() function
*
* - The format of *xppEncData is:
* ID(KeK)||E-RSAES-OAEP-SHA256(KeK,Kses||IVses)||E-AES-CBC-128(Kses,IVses,xpPlainData)
* Where:
* KeK is the key encryption key RSA public key
* ID(KeK) is the first 5 bytes of the KeK certificate serial number.
* Kses is the random key
* IVses is the random shared IV
*
* @param[in] xSession session handle
* @param[in] xpPlainData plain text card data, padded.
* @param[in] xpPlainDataSz plain text card data size (bytes)
* @param[out] xppEncData encrypted card data
* @param[out] xpEncDataSz encrypted card data size (bytes)
* @retval Error code (0 for no error)
* ----------------------------------------------------------------------------
*/
SDKError_t KML2ExportCardData(const KML2Session_t xSession,
const uint8_t* xpPlainData, const size_t xPlainDataSz,
uint8_t** const xppEncData, size_t* const xpEncDataSz);
/**
* ----------------------------------------------------------------------------
* @brief KML2ClearBuffer: Delete buffer
* @detail clear and delete buffers allocated by the KML2ExportCardData and
* KML2ConfigRead functions
*
* @param[in] xSession session handle
* @param[in] xpPlainData plain text card data, padded.
* @retval Error code (0 for no error)
* ----------------------------------------------------------------------------
*/
SDKError_t KML2ClearBuffer(const KML2Session_t xSession,
const uint8_t* xpBuffer, const size_t xBufferSz);
Please find attached the corresponding complete km_l2.h file for reference:
For example in reception of APDUs responses from the card a function dev_secured_apdu_filtering() is called for identifying sensible data such as PAN, Track2…
If we found a track2 this function dev_sred_obfuscate_track2() is called for obfuscating the data.
The sensible data are recorded in a secured memory named sdSecuredData
Sensitive data leaving this environment such as in Data Records are obfuscated.
The KML2ExportCardData() function prototype just above gives indications about the output data format. This does NOT have to be followed. You can use your own ouput format, as long as it is sufficiently protected.
To avoid name mangling issues, the easiest model consist in implementing the KML2 library in C (km_l2.c for ex.) and use extern C blocks in the code